Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab

Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub and GitLab environments and reporting policy violations across organizations, repositories, members, and CI/CD runner groups. What it checks Legitify evaluates configurations across five namespaces: organization-level settings, GitHub Actions configurations, member accounts, repositories, and runner groups. … More →

The post Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab appeared first on Help Net Security.